It’s a fact. Hackers want healthcare information. They want it even more than they want credit card information. Due to the value of electronic protected health information (ePHI), healthcare has been hammered by some of the most damaging attacks in any industry as of late. In 2016 alone, the healthcare industry averaged a data breach every single day, flooding underground marketplaces with fraudulently obtained personal information.
Earth Day is upon us. This annual celebration began back in 1970, backed by participants 20 million strong and it has grown every year since then. All these years later, more than a billion people around the world are expected to observe this movement by raising awareness for the environment, natural resources, and wildlife. A justified global phenomenon, the concepts of eco-friendliness and ‘being green’ are now quite mainstream. Today, organizations, governments, and many other groups organize around these concepts and activities to produce policies and practices that aim to take better care of our Earth.
At one time, a single private company data center could consume enough power to supply tens of thousands of homes – in a single day. IT equipment energy use has an interesting profile, as we refer to an EPA report presented before Congress on Server and Data Center Energy Efficiency:
At its most basic definition, a risk assessment is simply a standardized way to evaluate the potential risks of an activity or process. In the hosting industry, though, the need for a risk assessment usually comes up during the need to comply with security rules enacted by the health insurance portability and accountability act (HIPAA). Any business dealing with sensitive data and health care details has a legal responsibility to protect that data. Once safeguards are in place, organizations must complete a risk assessment to ensure full HIPAA, or other security measures such as payment card industry (PCI), compliance. But what is included in the risk assessment, and what makes it so important?
(more…)
In the tech industry, we’re always thinking about moving forward. But today is actually a day dedicated to backing up. March 31st is World Backup Day! Yes, there is such a day, and you can even take a pledge to confirm its importance. World Backup Day is an independent initiative by Reddit users to raise awareness about backups and data preservation. It serves as an important reminder for all of us to back up our data.
Whether you’re running your own servers, an eCommerce website or CRM system, or managing your personal finances and family photos on your laptop, the importance of backing up your data cannot be overstated. Not only is it important to back up your data, it’s important to think about HOW you back up your data.
• Make sure your data is backed up in multiple locations (onsite and offsite)
• Determine how often your data is backed up – confirm with your hosting provider that it is backed up as often as you need
• Confirm data backups are free of corruption
• Confirm data restores are working properly
Check out one of the videos in our eCommerce security series that focuses specifically on what to consider when designing your backup strategy.
At Hostway, we offer a range of managed backup solutions to fit every budget and use case – from SMB to large enterprise. Regardless of which solution you choose, a Hostway solutions engineer will work with you to build the best backup for your unique needs.
Recently, the Cisco Talos security threat research team turned up a significant new threat launched via Microsoft Word. The attack infects systems with malware by quietly using the domain name server (DNS) to make contact with Windows PowerShell command instructions from the attacker.
The attack is initiated by the delivery of a malicious Microsoft Word document. The document looks like it’s from a McAfee-branded secure email service. But upon opening, the document launches a Visual Basic for Applications macro, which then launches PowerShell commands. The system then calls out to a collection of domain records that have been specially constructed by the hacker to help execute on privileged system control.
As the attack unfolds, it is determined whether the user has privileged access using a second stage of PowerShell commands. The PowerShell commands then enter a third act where the Windows System Registry is modified to allow backdoor access. If the user does have privileged access, the Windows Management Instrumentation (WMI) database is modified, so that the backdoor is maintained throughout reboots.
At this point, the infected system queries select DNS records that are built into the script. These requests pull in TXT records from the loaded DNS query, which contain further PowerShell commands. Because the attacker controls the remotely queried DNS records, they can implement any command they desire and execute it locally with full administrative privileges.
There are a number of weaknesses here to point out. First off, domain name servers are a critical and fundamental component to any network environment. On a typical network, they’re rarely monitored, policed or blocked. Commands that transmit through DNS traffic can be fractional and difficult to detect as there are many billions of records across many different types of DNS requests. Secondly, there is a serious gateway flaw that allows document programs to launch external programs, especially those that can modify the system environment.
While the exploit only affects PCs that run Microsoft Word, and not mobile systems, the overwhelming majority of environments use just those two things. No other productivity application and platform combination comes close. Further, as a matter of convenience, companies in many environments allow users the administrative rights to fully control their own systems. This sort of infection has a wide potential base of attack, and it’s proving to be very difficult to detect in most environments.
Once a system is infected, corrective actions on the system will likely be difficult. The breadth of commands and modifications that can be launched in the final stage can prove to be quite complex and possibly irreversible. In cases where the infection has not gotten to the final stages due to a lack of user privileges, the cleanup may be more feasible. This is because the PowerShell commands at these stages are not persistent and are based on sessions, which can be terminated.
There’s a mantra in security that identifies the core components of people, processes and technology. Preventing these sorts of attacks counts on all three points.
Further, Cisco’s Talos Intelligence group suggests the following options to prevent an attack.
As Hostway customers, thousands of companies have benefitted from security and compliance capabilities that cannot be matched in the cloud and hosting industry. Hostway provides leading security solutions, executes corporate-grade continuity strategies and monitors the ever-changing threat landscape for developments that may compromise client environments.
Call (+1.866.680.7556) or chat with Hostway today for a free vulnerability scan.
You're working in the healthcare space, and you want to enjoy the benefits of cloud hosting, but you have concerns about how to do so while adhering to strict compliance standards.
(more…)
American history is rich, vibrant and steeped in tradition – just take President’s Day, which is celebrated on the third Monday of February each year, in honor of George Washington’s birthday. (more…)
AUSTIN, Tex., February 20, 2017 – Hostway, with thousands of customers worldwide, is the industry-leading compliant hosting company and most trusted managed hosting provider. Today at the Healthcare Information and Management Systems Society (HIMSS) Conference in Orlando, the company announced a broad portfolio of managed solutions that are compliant with the Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health (HITECH), with an attestation for electronic protected health information (ePHI). Organizations that are required to comply with HIPAA and HITECH can confidently use the managed services of Hostway.
In recognition of its very high standards and strict processes, Hostway has received an attestation from external independent auditors. The company will provide additional peace of mind for customers via a signed Business Associate Agreement (BAA) validating that it will appropriately safeguard protected health information.
Hostway’s approach is comprehensive – assisting enterprises with full HIPAA/HITECH implementations and ongoing IT infrastructure management, along with 24×7 coverage from expert HIPAA analysts.
“The expansion of Hostway’s HIPAA offerings builds on the company’s commitment to offer trusted and secure cloud solutions that comply with the highest industry standards. More than $58 million in fines have been levied for failures to properly protect patients’ information,” said Emil Sayegh, CEO of Hostway. “We’re providing those who require HIPAA compliance the highest levels of trust and the peace of mind they deserve. The BAAs we provide are backed by the extraordinary measures we take to deliver industry-leading compliance services.”
“We’ve been a happy Hostway customer for more than a decade. As our hosting demands have evolved, Hostway has always exceeded our expectations. And when our privacy and security requirements increased, Hostway was there to implement an excellent HIPAA-compliant hosting solution.” said Jesse Randall, director of infrastructure and security at Ecteon, a leading SaaS provider for contract management software for the healthcare community.
The expansion of Hostway’s HIPAA offerings builds on the company’s commitment to offer trusted and secure cloud solutions that comply with the highest industry standards. To ensure security compliance, Hostway employs a range of technologies and services that include intrusion detection and prevention systems (IDPS), Virtual Private Network (VPN), multi-factor authentication, web application firewall (WAF), file integrity monitoring, security event log management, threat monitoring, threat response and data encryption.
With more than 19 years of hosting and cloud experience, the company delivers hosted services, public/private/hybrid clouds, along with managed services, on-boarding, consulting and professional services to many of the world’s most significant brands. More than 40 leading healthcare organizations already trust Hostway to deliver HIPAA-compliant services today, and the number continues to grow rapidly.
More information about how Hostway can assist with HIPAA compliant cloud hosting is available at https://hostway.com/products-services/hipaa-compliance, or visit Hostway at HIMSS, booth 8053.
About Hostway Services
Hostway is the world’s most trusted managed compliant hosting provider, delivering complex, managed cloud infrastructure and application hosting solutions for mission critical software. Its team of engineers in North America, Europe, and Asia deliver reliable, secure and scalable, managed private cloud, managed cloud and hybrid cloud hosting solutions to thousands of customers across ten geographically diverse SSAE 16 and ISO 27001 data centers around the world while ensuring strict compliance such as PCI, HITRUST and HIPAA. At Hostway, every customer interaction is treated as an opportunity to develop a long-term relationship based on trust. Visit http://hostway.com for more information.
# # #
By Peter Marsh, Senior Manager of Corporate IT and Security Services
(more…)
Industry: Telco, Global Partner
Challenges: During the sales process, the Cable ONE Business field sales team realized there were issues with the channels available to prospective clients.
Solution: Web Presence
Cable ONE Business contacted Hostway to address the sales team’s worries. The company decided to create custom websites for each individual field sales representative so that prospective customers could directly contact their local team member instead of being routed through the call center.
Business Outcome: The personalized websites bolstered Cable ONE Business’ sales and marketing efforts, and field representatives felt more confident about their ability to engage with prospective clients. Without the Hostway solution, sales agents feared that they might lose to the call center should potential customers turn to the corporate contact for more information.
Hostway recently helped a popular telecommunications company enhance its sales and marketing efforts by hosting personalized websites geared toward prospective clients.
During the sales process, the Cable ONE Business field sales team realized there were issues with the channels available to prospective clients. Before contacting Hostway, the company’s website funneled visitors and potential clients to the corporate call center as opposed to local sales representatives.
The Cable ONE Business field sales staff felt that they were losing considerable opportunities to engage with potential clients, because the only online avenue for those seeking information online about Cable ONE Business was the corporate website, which directed visitors to the corporate contact center number. The field sales staff wanted to provide potential clients with an online resource for additional information, but did not want to risk losing the sale to the corporate call center.
Cable ONE Business contacted Hostway to address the sales team’s worries. The company decided to create custom websites for each individual field sales representative so that prospective customers could directly contact their local team member instead of being routed through the call center. With Hostway’s help, Cable ONE Business was able to establish tailored micro websites, each providing more information about the products and services available, as well as the contact information for the sales agent in the area. The company employed an advertising agency to design the website template, then provided those files to Hostway. Using this information, Hostway was able to develop the overall process for creating and managing each individual microsite.
The personalized websites bolstered Cable ONE Business’ sales and marketing efforts, and field representatives felt more confident about their ability to engage with prospective clients. Without the Hostway solution, sales agents feared that they might lose to the call center should potential customers turn to the corporate contact for more information. Now, with the micro-sites deployed, prospects have a place to go for more details about Cable ONE Business’ products and services and for the contact information of their local sales representative.
In addition to streamlining the process that potential customers use to contact a sales agent, the new websites also strengthened relationships between Cable ONE Business’ internal teams. Now, field sales representatives feel they have more support from the corporate marketing team, and sales channel conflicts have been reduced. At the same time, the call center still serves a valuable purpose for the company without taking away from the field sales team’s efforts.
Cable ONE Business also is considering adding even more content to these sites in the near future, including testimonials and special offers. This would provide potential clients with a more robust information source for their questions and pre-service needs.
Hostway’s micro-websites benefited Cable ONE Business in several ways, including unifying its sales and marketing efforts and ensuring prospective customers get the most specific information possible. The tailored sites prevented the sales team from losing opportunities to engage with prospects without disrupting the processes of the corporate contact center.
“Hostway’s website hosting made all the difference for Cable ONE Business sales team,” noted Jim Ciampaglio, Hostway Vice President of Channel Partners. “The individual, personalized websites allow the field representatives to better connect with prospective clients and help ensure they are getting the information they need when they need it. Hostway is happy to be a part of Cable ONE Business’ online presence.”